Microsoft's February 2025 Patch Tuesday includes security updates for 55 vulnerabilities, with 4 zero-day flaws, two of which are actively exploited. Highlights are 19 elevation of privilege and 22 remote code execution vulnerabilities. Specific zero-days addressed include one posing file deletion risks (CVE-2025-21391) and another granting SYSTEM privileges (CVE-2025-21418). Publicly disclosed zero-days include a UEFI bypass (CVE-2025-21194) and NTLM hash disclosure vulnerability (CVE-2025-21377). Additional updates were also released by other companies, such as Adobe and Google.
Microsoft February 2025 Patch Tuesday Fixes 4 Zero-days, 55 Flaws

